Cloud security provider Avanan spotted a number of Cerber Ransomware variants that are targeting corporate Office 365 users with spam or phishing emails leveraging on malicious file attachments.
Threat actors sent an Office document that embedded malicious macros to download the ransomware.
According to a report published by Avanan, threat actors exploited a zero-day vulnerability to deliver the Cerber ransomware,
The ransomware campaign started on June 22, the day after Microsoft started blocking the attachment used in the attacks.
“Starting June 22 at 6:44 a.m. UTC, Avanan’s Cloud Security Platform started to detect a massive attack against its customers that were using Office 365. The attack included a very nasty ransomware virus called Cerber, which was spread through email and encrypted users’ files.” states the report.
Experts from Avanan revealed that the attackers behind the campaign tried to send messages to 57 per cent of the organisations on its security platform using Office 365.
“While difficult to precisely measure how many users got infected, Avanan estimates that roughly 57 percent of organizations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack.”
This specific ransomware encrypts files with AES-256 and requests a 1.24 Bitcoin ransom for unblock the user’s documents.
The experts noticed that strain of the Cerber ransomware used in the attack also takes over the host audio system to read out its ransom note.
Unfortunately, macro-based attacks are still effective, early 2015 the Microsoft Malware Protection Center (MMPC) issued an alert about a surge in the infections of malware using macros to spread their malicious code. The researchers at Microsoft observed a major increase in enable-macros based malware, the most active codes included Adnel and Tarbir.
Recently the campaigns conducted to deliver the Locky and Dridex ransomware malware also leveraged on malicious macros to spread the threat.
[adrotate banner=”9″]
(Security Affairs – Google Widevine DRM, piracy)
Hackers breached Texas DOT (TxDOT), stealing 300,000 crash reports with personal data from its Crash…
SAP fixed a critical NetWeaver flaw that let attackers bypass authorization and escalate privileges. Patch…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws…
Mirai botnets are exploiting CVE-2025-24016, a critical remote code execution flaw in Wazuh servers, Akamai…
China-linked threat actor targeted over 70 global organizations, including governments and media, in cyber-espionage attacks…
US seeks to seize $7.74M in crypto linked to North Korean fake IT worker schemes,…
This website uses cookies.